CAS-005 Dumps Questions Increase Your Chance of Success

1. A user reports application access issues to the help desk.

The help desk reviews the logs for the user





Which of the following is most likely The reason for the issue?

2. A company's help desk is experiencing a large number of calls from the finance department slating access issues to www bank com.

The security operations center reviewed the following security logs:





Which of the following is most likely the cause of the issue?

3. A company wants to invest in research capabilities with the goal to operationalize the research output .

Which of the following is the best option for a security architect to recommend?

A. Dark web monitoring

B. Threat intelligence platform

C. Honeypots

D. Continuous adversary emulation

4. Which of the following is the main reason quantum computing advancements are leading companies and countries to deploy new encryption algorithms?

5. Users are experiencing a variety of issues when trying to access corporate resources examples include

• Connectivity issues between local computers and file servers within branch offices

• Inability to download corporate applications on mobile endpoints wtiilc working remotely

• Certificate errors when accessing internal web applications

Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

A. Review VPN throughput

B. Check IPS rules

C. Restore static content on lite CDN.

D. Enable secure authentication using NAC

E. Implement advanced WAF rules.

F. Validate MDM asset compliance

6. After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.

• Exfiltration of intellectual property

• Unencrypted files

• Weak user passwords

Which of the following is the best way to mitigate these vulnerabilities? (Select two).

A. Implementing data loss prevention

B. Deploying file integrity monitoring

C. Restricting access to critical file services only

D. Deploying directory-based group policies

E. Enabling modem authentication that supports MFA

F. Implementing a version control system

G. Implementing a CMDB platform

7. An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry.

Which of the following should the security analyst use to perform threat modeling?

8. A security engineer is developing a solution to meet the following requirements?

• All endpoints should be able to establish telemetry with a SIEM.

• All endpoints should be able to be integrated into the XDR platform.

• SOC services should be able to monitor the XDR platform

Which of the following should the security engineer implement to meet the requirements?

9. A systems engineer is configuring a system baseline for servers that will provide email services.

As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:

• Unauthorized reading and modification of data and programs

• Bypassing application security mechanisms

• Privilege escalation

• interference with other processes

Which of the following is the most appropriate for the engineer to deploy?

10. Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment .

Which of the following actions should be taken to address this requirement?

11. A systems administrator wants to introduce a newly released feature for an internal application. The administrate docs not want to test the feature in the production environment .

Which of the following locations is the best place to test the new feature?

12. A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP.

Which of the following is me b»« way to reduce the risk oi reoccurrence?

13. Audit findings indicate several user endpoints are not utilizing full disk encryption During me remediation process, a compliance analyst reviews the testing details for the endpoints and notes the endpoint device configuration does not support full disk encryption.

Which of the following is the most likely reason me device must be replaced?

A. The HSM is outdated and no longer supported by the manufacturer

B. The vTPM was not properly initialized and is corrupt.

C. The HSM is vulnerable to common exploits and a firmware upgrade is needed

D. The motherboard was not configured with a TPM from the OEM supplier.

E. The HSM does not support sealing storage

14. You are tasked with integrating a new B2B client application with an existing OAuth workflow that must meet the following requirements:

. The application does not need to know the users' credentials.

. An approval interaction between the users and the HTTP service must be orchestrated.

. The application must have limited access to users' data.



INSTRUCTIONS

Use the drop-down menus to select the action items for the appropriate locations. All placeholders must be filled.









See the complete solution below in Explanation:

15. A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin .

Which of the following best describes the cyberthreat to the bank?

16. A security architect is establishing requirements to design resilience in un enterprise system trial will be extended to other physical locations.

The system must

• Be survivable to one environmental catastrophe

• Re recoverable within 24 hours of critical loss of availability

• Be resilient to active exploitation of one site-to-site VPN solution

17. Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network.

A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

18. A security analyst Detected unusual network traffic related to program updating processes The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but. with different hashes which of the following solutions would most likely prevent this situation from reoccurring?

A. Improving patching processes

B. Implementing digital signature

C. Performing manual updates via USB ports

D. Allowing only dies from internal sources

19. A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration.

A security engineer is troubleshooting and observes the following configuration snippet:





Which of the following should the security engineer modify to fix the issue? (Select two).

20. A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts.

The hospital wants to ensure that if a tablet is Identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds.

The tablets are configured as follows to meet hospital policy

• Full disk encryption is enabled

• "Always On" corporate VPN is enabled

• ef-use-backed keystore is enabled'ready.

• Wi-Fi 6 is configured with SAE.

• Location services is disabled.

• Application allow list is configured

21. After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation .

Which of the following would the company most likely do to decrease this type of risk?

A. Improve firewall rules to avoid access to those platforms.

B. Implement a cloud-access security broker

C. Create SIEM rules to raise alerts for access to those platforms

D. Deploy an internet proxy that filters certain domains

22. A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application.

Which of the following is the most likely cause of the alerts?

A. Misconfigured code commit

B. Unsecure bundled libraries

C. Invalid code signing certificate

D. Data leakage

23. A global manufacturing company has an internal application mat is critical to making products This application cannot be updated and must Be available in the production area A security architect is implementing security for the application .

Which of the following best describes the action the architect should take-?

A. Disallow wireless access to the application.

B. Deploy Intrusion detection capabilities using a network tap

C. Create an acceptable use policy for the use of the application

D. Create a separate network for users who need access to the application

24. A news organization wants to implement workflows that allow users to request that untruthful data be retraced and scrubbed from online publications to comply with the right to be forgotten.

Which of the following regulations is the organization most likely trying to address?

25. All organization is concerned about insider threats from employees who have individual access to encrypted material .

Which of the following techniques best addresses this issue?

26. An engineering team determines the cost to mitigate certain risks is higher than the asset values The team must ensure the risks are prioritized appropriately .

Which of the following is the best way to address the issue?